Re: Clamav

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 16, 2010 at 20:29:25 -0700,
  Craig White <craigwhite@xxxxxxxxxxx> wrote:
> 
> Clearly no OS is safe from exploit. The most effective security method
> employed on Linux is simply not to run as superuser where most Windows
> and Macintosh users are running as superuser and the software leaves it
> to the user to figure out how to run with less privileges (very possible
> but not the typical usage).

I disagree. This can help with restoring a system, but is more useful
for protecting users from each other than users from malware. User
accounts have all of the power needed to replicate malware. User accounts
have valuable data (may be private or hard to recreate), where as data
owned by root typically isn't. There have historically been a lot of local
root exploits on linux systems that allow malware to elevate its
privilieges.

I think selinux is going to of more use in this area than standard unix
file system privileges and having a separate root account. It won't solve
all of the problems, but it can help protect users from processes running
as themselves.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux